The #CelebGate Nude Photographs Hack of 2014; stormy skies for the cloud business

(Katherine Heigl may have been among the victimized celebrities)

Despite all conspiracy theories as may abound, the massive hack of any number of celebrities iCloud accounts through which their intimate pictures were made public on Sunday was not the work of President Coriolanus Snow’s minions to attack the character of Katniss Everdeen and undermine her as the icon of the revolt against his oppresive regime. Contrary to many such hoaxes that proliferated in the days of the Web 1.0, back when imaging software was still so primitive you could easily tell that a celeb’s face had been pasted on a naked woman’s body’s picture, this time it’s very much for real.

Througout the past couple of days the attention of the media and public at large (put any of the URLs below into Bitly.com and you’ll see they’re all «Catching Fire» -pun totally intended, as Jeniffer Lawrence has been made into the poster girl for the victims of this attack-) has been captured by a massive breach of the security in Apple’s iCloud by a hacker who leaked into the 4chan message board heaps of snapshots that an A-List of female celebrities had taken in the intimacy of their private spaces for purposes that should not concern the public. The first thing stemming from this we should reflect upon is: does this matter in a world where there are/have been armed conflicts claiming thousands of lives and billions in damages going on in the Ukraine, Israel, the Gaza strip and Irak? Is it relevant when an infectious epidemic for which no efficient cure has yet been discovered spreads throughout Africa and seeps into other continents? Should we give a rat’s ass about these celebrities’ derrieres (and other parts) being so exposed?

In some way, and at some level, the answer is YES. For many lucky people, armed conflict remains something not to be experienced but in the very worst of scenarios, and they may never become exposed to the Ebola virus at all. However a massive leak of nude celebrity pictures powerfully calls the attention, and however out of people’s reach or leagues the inhabitants of the Olympus of stardom might be, the fact that a service they use as most other people do hits very close to home, and brings into question a number of things.

For starters, a word of warning to the E-peepers who would look upon such images: if not out of respect for them or themselves (as Mary E. Winstead has put forth), while the question of «how?» this hacker did it, which is for Apple and the Feds to answer, the question you should have on your mind before you view/download these images ought to be «why did he/she do it?». Do you really think that this person is a benefactor of the lewd and did this so that the lonely guys out there could have something of their liking to «entertain themselves» with? Or just to gain notoriety in hacking circles. I would not think so; it seems unlikely that such an undertaking would have been made just for kicks. Be warned that JPG and PNG images can, have been and are still used to inject systems with malicious codes written into them. So it might be reasonable to entertain the possibility that despite honest confirmations of the authenticity of the images by some of the celebrities involved, these images may have been tampered with prior to them being uploaded all the time knowing that they would have a wide audience precisely because they would have captured the attention of the media and the public. So potentially there is the risk that by perusing these pictures your system could now be part of a very large botnet, or that your personal information has been siphoned off of it.

Having said that, the First matter to address is what a parent is to say to his/her daughter/son about sexting, when it becomes a matter of public record that all these celebrities that youngsters look up to have made it a part of their intimacy? Just a week ago some parents in Virginia turned their daughter in to the police in order to prevent her from further involvement in sexting. For sure, it’s probably been going on since photography was invented (remember the part in Parenthood when Diane Weist gets the nude pictures that Martha Plimpton’s and Keanu Reeves’s characters had shot?), and the easy answer would be: they’re big girls, and they knew (or ought to have known) what they were doing and the risks involved. Even more so of course if the matter was a publicity stunt such as those trite celebrity sex tapes that «accidentally» got out and brought the figure(s) involved back under the spotlight.

The Second matter is that, as usual, public attention and outcry always comes when this happens to the high and mighty, but not so much so when it happens to «Jane Town». For years victims of «revenge porn» have been fighting for legislation to criminalize the act of disseminating intimate images of people without their consent. While anyone has the right to take this up to the authorities for them to attempt and prosecute the poster and those who aided and abetted him/her, as well as to sue to seek redress, it is all the more difficult (and expensive) for the average Jane or Joe on the street, whereas this case has speedily mobilized the Feds to prosecute the culprit.

And even if the culprit is ever apprehended, existing law may still have rather ample loopholes through which that person could elude some measures of liability. Also there’s the difficulty of getting the website operators to take the offending materials down, as many often benefit from exemptions afforded to «passive sites», much needed for the development of the Web and eCommerce as we know them today, which unfortunate collateral effect is sometimes that questionable sites get off the hook through the same avenues available to the reputable sites we all know, whether the «Communications Decency Act» or  §512 of the Copyright Act, supported by case law in law school case books (ie. Zeran v. America Online and Blumenthal v. Drudge) which is the reason these materials often show up on open sites, such as messages boards and other such, and also not on social networks, as their Terms of Use generally provide against sexually explicit, libelous and/or harassing content. I myself have succeed in having such content removed from some social networks in a case or two, and the accounts involved cancelled, but others can prove to not be as cooperative in so doing, or in producing the information of the user concerned. So getting such offending content removed from the Web may be a Herculean feat, or nearly impossible once it has «gone viral».

Another matter to consider is that not only these celebrities’ intimacy and dignity have been breached, but also their privacy as digital photographs have metadata embedded in them that can reveal the location where they were taken. That may not be a big deal if the photo shooting was done in a hotel while on location when a film was being shot; however the proposition is entirely different with pictures shot in the celebrities’ (or anyone elses’) homes.

Third, there’s the damage such instances can wreck on the reputation of the storage provider concerned, maybe even on the lot of them, at a time when all the major tech companies wage a price war in the market for cloud computing services, forcing smaller companies in the business of cloud storage, such as Box, Dropbox and Hightail, to «pivot» their business models. While under a theory of free markets with some antitrust checks such competition and pivoting may work to the benefit of consumers, who will have more innovative products and services at lower and more competitive prices, the fact is that this could be as harmful to Apple, specifically, and to the cloud business, generally, as the ignition switch recall was for General Motors. How could one rely on cloud storage services when an event such as this happens?

What exactly does Apple’s iCloud’s Security and Privacy Overview state?

Data Security

iCloud secures your data by encrypting it when it is sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication. This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions—and never provides encryption keys to any third parties.

Security and iCloud Features
The table below summarizes how your data is secured when using various iCloud features:

Beg your pardon, but I’m a bit confused; right in the line where it says «iCloud.com», the column for Encryption on Server also says «All sessions at iCloud.com are encrypted with SSL. Any data accessed via iCloud.com is encrypted on server as indicated in this table.» so is the data itself encrypted while stored on their server, or is only the access thereto?

And as is customary, the provide as follows:

Your Account

As a registered user of the Service, you may establish an Account. Don’t reveal your Account information to anyone else. You are solely responsible for maintaining the confidentiality and security of your Account and for all activities that occur on or through your Account, and you agree to immediately notify Apple of any security breach of your Account. You further acknowledge and agree that the Service is designed and intended for personal use on an individual basis and you should not share your Account and/or password details with another individual. Provided we have exercised reasonable skill and due care, Apple shall not be responsible for any losses arising out of the unauthorized use of your Account resulting from you not following these rules.

So what exactly happens when it is the media at large, and not the user, that notifies Apple of security breaches to numerous accounts? You are looking at it, ladies and gentlemen.

Disclaimer of Warranties

APPLE DOES NOT REPRESENT OR GUARANTEE THAT THE SERVICE WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER SECURITY INTRUSION, AND APPLE DISCLAIMS ANY LIABILITY RELATING THERETO.

Of course, how could it? No system is impregnable (Spanish speakers, this means something entirely different in English); however, at which point and how should a line be drawn between a reasonable exemption from liability for companies in a business which participants are constantly beset by their own governments and foreign sovereigns, as well as rouge military units, so much so that even the NATO allies are about to include cyberattacks as a trigger for the Alliance’s defense mechanisms.

In sum, issues stemming from this case which are to be discussed and sorted out over the months (or years) to come range from personal issues for the affected celebrities, social issues because of the perception of these icons that youths might develop, as well as from the fact that as has been underscored all victims are female, technical issues for the security and privacy professionals working with and for tech companies (apparently the exploited vulnerability lay in the «Find my iPhone» app in the victims’ handsets), business issues concerning how to salvage the trust of tech users and consumers before the cloud business dissipates, as well as legal and political issues for lawmakers and regulators to respond to.

Preserving privacy and security online and on the cloud is paramount for contemporary life and business. While most people can do without racy/raunchy pictures of themselves and/or their intimate partners, or at least live without having them in digitial formats and available at any place and time, it would seem unfeasible and virtually (pun intended) unbearable to go back to life, work and entertainment the world over as they were in the 1970’s.

To close on a high note, even though some of the women affected by this attack make a (pretty decent) living on their physique, and at least one relies very heavily on her one ASSet and «talent» for selfies, the fact is that they are nevertheless persons and women, and the fact that they are performers does not necessarily mean that they have such thick skin to be 100% OK with their intimate images spread throughout the Web. For example, even though she was playing a stripper in Closer, and the film was quite ghastly, Natalie Portman had her full-frontal nude removed from the film: «Actress Natalie Portman ordered director Mike Nichols to remove her full frontal nude scenes from her latest movie Closer – despite playing a stripper in the film. Nichols is very protective of the 23-year-old beauty and agreed the topless footage was acceptable, but decided raunchy shots of her fully nude were gratuitous and should be deleted from the drama. Portman explains, «He wants to see my bare ass much less than (even) my father would. He’s as or more protective of me than my parents are. So doing sexual, physical stuff for him felt very uncomfortable.»